{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-25651","assignerOrgId":"6786b568-6808-4982-b61f-398b0d9679eb","state":"PUBLISHED","assignerShortName":"zte","dateReserved":"2023-02-09T19:47:48.023Z","datePublished":"2023-12-14T07:03:54.704Z","dateUpdated":"2024-08-02T11:25:19.271Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Linux"],"product":"Mobile Internet Products","vendor":"ZTE","versions":[{"lessThanOrEqual":"V1.0.0B01","status":"affected","version":"BD_MF833U1V1.0.0B01","versionType":"V1.0.0B01"},{"lessThanOrEqual":"V1.0.0B04","status":"affected","version":"CR_LVWRGBMF286RV1.0.0B04","versionType":"V1.0.0B04"}]}],"datePublic":"2023-08-29T08:17:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nThere is a SQL injection vulnerability in some ZTE mobile internet&nbsp;products.&nbsp;Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.\n\n"}],"value":"\nThere is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.\n\n"}],"impacts":[{"capecId":"CAPEC-66","descriptions":[{"lang":"en","value":"CAPEC-66 SQL Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"LOW","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"6786b568-6808-4982-b61f-398b0d9679eb","shortName":"zte","dateUpdated":"2023-12-14T08:17:53.412Z"},"references":[{"url":"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<span style=\"background-color: rgb(255, 255, 255);\">BD_MF833U1V1.0.0B02,&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">CR_LVWRGBMF286RV1.0.1B01</span>\n\n</span><br>"}],"value":"\nBD_MF833U1V1.0.0B02, \n\nCR_LVWRGBMF286RV1.0.1B01\n\n\n"}],"source":{"discovery":"UNKNOWN"},"title":"SQL Injection Vulnerability in Some ZTE Mobile Internet Products","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T11:25:19.271Z"},"title":"CVE Program Container","references":[{"url":"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684","tags":["x_transferred"]}]}]}}